Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Repair or Rebuild?Single Windows 2000 SP4 DC in remote site

Posted on 2007-10-04
30
Medium Priority
?
380 Views
Last Modified: 2010-05-18
Hello,

I have a single Windows 2000 domain with four sites. I have a DC in a remote site that needs some serious help. I'm leaning towards having a repair done because explorer crashes every time you try and open a window. This DC is the lone DC in its site, it doesn't hold any FSMO roles. It serves DNS and DHCP for the hosts on the small LAN that it's on. This is a very remote site, so I can't get to the machine. Which means I need to compose instructions on what to do and walk someone over the phone to get things done.

So, I'm looking for suggestions/guidance. What do I do?

Thanks
0
Comment
Question by:lucado01
  • 16
  • 14
30 Comments
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20017067
is it the only server at the site? or is there another there that you can promote?  i hope you have someone there that has some savy about them. good luck mate
0
 

Author Comment

by:lucado01
ID: 20017093
There is another server, its a Windows 2000 member server that acts as the file server. And yes, luckily there is someone out there who is good.

So it sounds like you would suggest promoting the member server, make it a DC and GC, let it run DNS and DHCP. Then demote the original DC. Take it out of the domain and then run a repair using the Windows 2000 CD. Assuming that works, join it back to the domain, dcpromo it and then demote the other one?
0
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 2000 total points
ID: 20017242
yeh or even make the server you repair the file server so just swap them. my reason for promotingthe other first is so you have no problems with the users if you were going to do it in work hours. if you going to do it out of hours then spose you could just bring down the dc and repair it
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20017252
plus if you have the other as a DC all working with GC first you are sort of covering yourself
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20017262
i spose dc that has gone bad dont have enough space tho right to become a fileserver
0
 

Author Comment

by:lucado01
ID: 20017331
I'm going to get that information tomorrow.
0
 

Author Comment

by:lucado01
ID: 20017860
Question, if we go ahead and promote the member server to a DC but then cannot dcpromo down the original, troubled DC, what is the best course of action? I've read you can just remove the DC and then use ntdsutil.exe to clean up references of the old DC in AD. If that's so, any documentation on that topic?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20020205
0
 

Author Comment

by:lucado01
ID: 20035634
OK. This is getting a uglier. Chances are, we won't have another computer available to us to promote as a DC while we dcpromo down the original one and rebuild it.

So here's my question. If we can't dcpromo down the troubled DC, how bad is it to just shut it off, wipe it, rebuild it, call it server 2 instead of server1, join it to the domain, dcpromo it and let it rip? Every fiber of my being says NOT to do this but I want to make sure I'm not being a wus either.  

Thanks.
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20035802
it will work and be fine but you will be left with the old server details in AD and you will need clean it out. was the server being used as a DHCP? DNS?

you might have proplems with Authentication while it is down.
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20035808
oh right if you dcpromo it be fine should clean AD for you. was this a GC server also?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20035820
do it out of hours if you can and it be fine i read again that its a DNS and DHCP so clients might have trouble getting ips and they wont be able to access the other server as will the server not access your domain if this is on a different subnet.
0
 

Author Comment

by:lucado01
ID: 20035882
So even if we can't dcpromo the original domain controller out of there, we can format it, re-install it, name it something else, dcpromo it, and it should be fine? My biggest worry is that since it's a remote location, it may take a LONG time for it to replicate in Sites and Services.

 I'm assuming we can run ntdsutil from where I'm at and remove any instances of the server with it's old name?
0
 

Author Comment

by:lucado01
ID: 20035887
Forgot to add, yes, this was a GC, DNS and DHCP too. Doing this after hours or on the weekend will be the way to go. I just wish I was there to do it!
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20035975
yeh i know bit crap if something goes wrong and u cant be there. if you dcpromo the old server it will remove it from AD anyway. you can even once that is done you can even remove it from the domain and then when you rebuild it again call it the same as it was
0
 

Author Comment

by:lucado01
ID: 20036015
OK, I'm pretty sure will give this a try. It won't happen for a few days, we should have the outcome by this time next week.
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20036097
ah you be fine as long as you have someone there whos has some sort of clue
0
 

Author Comment

by:lucado01
ID: 20051725
Help!

I'm trying to copying the Windows Server 2000 CD to a folder on my computer and push it across the network to the remote site. Half way through the copy job, it bombs out and gives me an error.

Is there a way to copy this over successfully? I need to make this happen in the next 48 hours.

Thanks for all of the help.
0
 

Author Comment

by:lucado01
ID: 20058574
Disregard the last post. We burned the OS as an iso and were able to copy it down to the remote site.

I do have another question. It turns out we do have a machine now available to us. So we're going back to our original plan, which is to build a box up, promote it as a DC and then install DNS and DHCP on it.

My question is, do I need to turn the DHCP service off of the original DC in order to get the other one up and running? I want to use the same scope that it's using now.

I would assume I have to and would also assume that hosts would only be impacted for as long as the service is down or would they continue to maintain connectivity and function as normal?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20058701
yes you will have to deactivate the scope as you will not beable to assign the same scope twice it wont let ypu.

thats right as soon as the dhcp scope is activated it will begi sevicing clients requests
0
 

Author Comment

by:lucado01
ID: 20064997
Hey,

One last question. We're getting ready to do this. Once the new DC comes up in that site will it automatically set up connections in AD Sites and Services or is this something I'll have to manually configure?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20065043
if you have created a new dc you will have to take a look in sites and services snap in and connect and link it otherwise your have problems with replication
0
 

Author Comment

by:lucado01
ID: 20066692
OK, so the new sever will automatically show up under the site\server object once it's been promoted and had a chance to replicate. Then I'll right click on the NTDS Settings of the new server, choose New Active Directory Connection and then go through the steps?

We'll be bringing on another DC at that site tomorrow. I'll need to make the one we bring online tonight a DC. Is there any process to gracefully make the new DC the bridgehead server and take that role away from the old one?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20066820
By default, the Knowledge Consistency Checker (KCC) elects a DC to be a bridgehead server. As the KCC builds the replication topology, it evaluates DCs in each site to determine whether they can be bridgehead servers. Essentially, the KCC attempts to establish the minimum number of DCs necessary to replicate the three NCs between its site and any connected sites. If more than one DC is eligible for the role of bridgehead server, the KCC sorts the DCs by their globally unique identifiers (GUIDs) and elects the server that has the lowest GUID.
0
 

Author Comment

by:lucado01
ID: 20067793
So when the original DC, which is a bridgehead server,  is demoted via dcpromo from the domain, KCC will make the new DC a bridgehead server?  
0
 

Author Comment

by:lucado01
ID: 20070967
OK,

We got the one DC built. Everything looks great except in Directory Services where this error registered about a dozen times:

NTDS General
Internal Processing
Event ID: 1153

Class identifier xxxxxxxxxxxxx (classname xxxxxxxxx) has an invalid superclass xxxxxxxx inheritance ignored.

I looked this up on eventid.net and all references listed this as a benign error. We aren't going to install Exchange on the box. Is this a result of adprep not being run on the box so it can't process Exchange attributes?
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20073258
have you named this dc the same as the old one?   if so did you have exchange on the old box?

this error indicates a delay in updating the schema
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20073264
This behavior occurs because the schema is imported in an order other than superclass inheritance. When a class is imported, superclass attributes point to other classes. Because these may not have been imported yet, you see these errors in the application event log.

You can safely ignore these errors.
0
 

Author Comment

by:lucado01
ID: 20073618
Great. We did it! The problem server has been rebuilt and everything seems to be running smoothly.

While we were able to dcpromo down the troubled box, I see that it's still in AD site & services, although there's no NTDS settings object for it. I also saw a host record left over. I presume I can go in, right click and delete these traces of the dead server.

Are there any other places I might need to manually remove this box from?

Thanks for all of your help.
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20074098
all you need to know about deleting a DC after a unsucsesfull dcpromo

http://support.microsoft.com/kb/216498

0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question